<!DOCTYPE html>
<html lang="zh-CN">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Jenkins安全加固与权限管理指南 | 技术小馆</title>
    <link rel="stylesheet" href="https://cdn.staticfile.org/font-awesome/6.4.0/css/all.min.css">
    <link rel="stylesheet" href="https://cdn.staticfile.org/tailwindcss/2.2.19/tailwind.min.css">
    <link href="https://fonts.googleapis.com/css2?family=Noto+Serif+SC:wght@400;500;600;700&family=Noto+Sans+SC:wght@300;400;500;700&display=swap" rel="stylesheet">
    <script src="https://cdn.jsdelivr.net/npm/mermaid@latest/dist/mermaid.min.js"></script>
    <style>
        body {
            font-family: 'Noto Sans SC', Tahoma, Arial, Roboto, "Droid Sans", "Helvetica Neue", "Droid Sans Fallback", "Heiti SC", "Hiragino Sans GB", Simsun, sans-serif;
            line-height: 1.8;
            color: #333;
        }
        h1, h2, h3, h4 {
            font-family: 'Noto Serif SC', serif;
            font-weight: 600;
        }
        .hero-gradient {
            background: linear-gradient(135deg, #1e3c72 0%, #2a5298 100%);
        }
        .card:hover {
            transform: translateY(-5px);
            box-shadow: 0 20px 25px -5px rgba(0, 0, 0, 0.1), 0 10px 10px -5px rgba(0, 0, 0, 0.04);
        }
        .section-divider {
            border: none;
            height: 1px;
            background: linear-gradient(90deg, transparent, rgba(0,0,0,0.1), transparent);
        }
        .highlight-box {
            border-left: 4px solid #1e3c72;
            background-color: rgba(30, 60, 114, 0.05);
        }
        .mermaid-tooltip {
            position: absolute;
            background: white;
            padding: 8px;
            border-radius: 4px;
            box-shadow: 0 2px 8px rgba(0,0,0,0.1);
            z-index: 100;
            display: none;
        }
    </style>
</head>
<body class="bg-gray-50">
    <!-- Hero Section -->
    <section class="hero-gradient text-white py-20 px-4">
        <div class="container mx-auto max-w-5xl text-center">
            <div class="inline-block bg-white bg-opacity-20 rounded-full px-6 py-2 mb-4">
                <span class="text-sm font-medium tracking-wider"><i class="fas fa-lock mr-2"></i>DevOps安全指南</span>
            </div>
            <h1 class="text-4xl md:text-5xl font-bold mb-6 leading-tight">Jenkins安全加固与权限管理</h1>
            <p class="text-xl md:text-2xl font-light max-w-3xl mx-auto mb-8 opacity-90">全面保护您的CI/CD流水线，构建企业级安全防线</p>
            <div class="flex justify-center space-x-4">
                <a href="#why" class="bg-white text-blue-900 hover:bg-blue-50 px-6 py-3 rounded-lg font-medium transition duration-300 shadow-md">安全必要性</a>
                <a href="#solutions" class="bg-transparent border-2 border-white hover:bg-white hover:bg-opacity-10 px-6 py-3 rounded-lg font-medium transition duration-300">解决方案</a>
            </div>
        </div>
    </section>

    <!-- Main Content -->
    <main class="container mx-auto max-w-5xl px-4 py-12">
        <!-- Introduction -->
        <section class="mb-16">
            <p class="text-lg text-gray-700 mb-8 leading-relaxed">Jenkins 是当今最流行的持续集成和持续交付（CI/CD）工具之一，广泛应用于各种规模的项目中。然而，随着 Jenkins 在企业中的普及，其权限管理和安全性问题也日益凸显。一个配置不当的 Jenkins 实例可能会成为安全漏洞的温床，导致数据泄露、未经授权的访问甚至系统被攻破。</p>
            
            <!-- Visualization: Security Risks -->
            <div class="bg-white rounded-xl shadow-md p-6 mb-8">
                <div class="flex items-center mb-4">
                    <div class="bg-red-100 p-3 rounded-lg mr-4">
                        <i class="fas fa-shield-alt text-red-500 text-xl"></i>
                    </div>
                    <h3 class="text-xl font-semibold">潜在安全威胁可视化</h3>
                </div>
                <div class="mermaid">
                    graph TD
                    A[配置不当的Jenkins] --> B[敏感数据泄露]
                    A --> C[未授权访问]
                    A --> D[系统被攻破]
                    A --> E[合规风险]
                    B --> F[API密钥暴露]
                    B --> G[数据库凭证泄露]
                    C --> H[恶意构建触发]
                    C --> I[配置篡改]
                </div>
            </div>
        </section>

        <!-- Why Section -->
        <section id="why" class="mb-16">
            <div class="flex items-center mb-8">
                <div class="w-12 h-1 bg-blue-600 mr-4"></div>
                <h2 class="text-3xl font-bold text-gray-800">1. 为什么需要权限管理与安全加固？</h2>
            </div>

            <!-- 1.1 -->
            <article class="mb-10">
                <h3 class="text-2xl font-semibold text-gray-800 mb-4 flex items-center">
                    <span class="bg-blue-100 text-blue-800 rounded-full w-8 h-8 flex items-center justify-center mr-3">1</span>
                    保护敏感数据
                </h3>
                <div class="bg-white rounded-lg shadow-sm p-6 highlight-box">
                    <p class="text-gray-700 mb-4">Jenkins 通常用于构建和部署应用程序，涉及大量的敏感信息，如 API 密钥、数据库密码、部署凭证等。如果这些信息被未经授权的人员访问，可能会导致严重的安全问题。</p>
                    <div class="flex items-center text-sm text-blue-600">
                        <i class="fas fa-exclamation-triangle mr-2"></i>
                        <span>风险等级: 高</span>
                    </div>
                </div>
            </article>

            <!-- 1.2 -->
            <article class="mb-10">
                <h3 class="text-2xl font-semibold text-gray-800 mb-4 flex items-center">
                    <span class="bg-blue-100 text-blue-800 rounded-full w-8 h-8 flex items-center justify-center mr-3">2</span>
                    防止未经授权的操作
                </h3>
                <div class="bg-white rounded-lg shadow-sm p-6 highlight-box">
                    <p class="text-gray-700 mb-4">未经授权的用户可能会修改 Jenkins 配置、触发构建任务或删除重要数据，导致项目中断或数据丢失。</p>
                    <div class="grid grid-cols-1 md:grid-cols-3 gap-4 mt-4">
                        <div class="bg-red-50 p-4 rounded-lg border-l-4 border-red-500">
                            <h4 class="font-medium text-red-800 mb-2 flex items-center">
                                <i class="fas fa-bolt mr-2"></i>配置修改
                            </h4>
                            <p class="text-sm text-gray-600">可能导致构建失败或注入恶意代码</p>
                        </div>
                        <div class="bg-yellow-50 p-4 rounded-lg border-l-4 border-yellow-500">
                            <h4 class="font-medium text-yellow-800 mb-2 flex items-center">
                                <i class="fas fa-play-circle mr-2"></i>构建触发
                            </h4>
                            <p class="text-sm text-gray-600">可能消耗资源或执行恶意任务</p>
                        </div>
                        <div class="bg-purple-50 p-4 rounded-lg border-l-4 border-purple-500">
                            <h4 class="font-medium text-purple-800 mb-2 flex items-center">
                                <i class="fas fa-trash-alt mr-2"></i>数据删除
                            </h4>
                            <p class="text-sm text-gray-600">可能导致历史构建记录丢失</p>
                        </div>
                    </div>
                </div>
            </article>

            <!-- 1.3 -->
            <article class="mb-10">
                <h3 class="text-2xl font-semibold text-gray-800 mb-4 flex items-center">
                    <span class="bg-blue-100 text-blue-800 rounded-full w-8 h-8 flex items-center justify-center mr-3">3</span>
                    遵守合规要求
                </h3>
                <div class="bg-white rounded-lg shadow-sm p-6 highlight-box">
                    <p class="text-gray-700 mb-4">许多企业和行业对数据安全和访问控制有严格的合规要求。通过权限管理和安全加固，可以确保 Jenkins 实例符合这些要求。</p>
                    <div class="mt-4">
                        <div class="flex items-center text-gray-600 mb-2">
                            <i class="fas fa-check-circle text-green-500 mr-2"></i>
                            <span>满足GDPR、HIPAA等法规要求</span>
                        </div>
                        <div class="flex items-center text-gray-600 mb-2">
                            <i class="fas fa-check-circle text-green-500 mr-2"></i>
                            <span>通过企业安全审计</span>
                        </div>
                        <div class="flex items-center text-gray-600">
                            <i class="fas fa-check-circle text-green-500 mr-2"></i>
                            <span>降低安全责任风险</span>
                        </div>
                    </div>
                </div>
            </article>
        </section>

        <hr class="section-divider my-12">

        <!-- Solutions Section -->
        <section id="solutions" class="mb-16">
            <div class="flex items-center mb-8">
                <div class="w-12 h-1 bg-blue-600 mr-4"></div>
                <h2 class="text-3xl font-bold text-gray-800">2. Jenkins 权限管理</h2>
            </div>

            <!-- 2.1 -->
            <article class="mb-12">
                <h3 class="text-2xl font-semibold text-gray-800 mb-6 flex items-center">
                    <span class="bg-blue-600 text-white rounded-full w-8 h-8 flex items-center justify-center mr-3">1</span>
                    安装 Role Strategy 插件
                </h3>
                <div class="grid grid-cols-1 md:grid-cols-2 gap-8">
                    <div class="bg-white rounded-xl shadow-md overflow-hidden">
                        <div class="bg-gray-100 px-6 py-4 border-b">
                            <h4 class="font-medium text-gray-800 flex items-center">
                                <i class="fas fa-plug text-blue-500 mr-2"></i>插件功能概述
                            </h4>
                        </div>
                        <div class="p-6">
                            <p class="text-gray-700 mb-4">Jenkins 默认的权限管理功能较为简单，无法满足复杂项目的需求。通过安装 <strong>Role Strategy 插件</strong>，可以实现更细粒度的权限控制。</p>
                            <ul class="space-y-3">
                                <li class="flex items-start">
                                    <i class="fas fa-check-circle text-green-500 mt-1 mr-2"></i>
                                    <span>基于角色的访问控制</span>
                                </li>
                                <li class="flex items-start">
                                    <i class="fas fa-check-circle text-green-500 mt-1 mr-2"></i>
                                    <span>项目级别的权限分配</span>
                                </li>
                                <li class="flex items-start">
                                    <i class="fas fa-check-circle text-green-500 mt-1 mr-2"></i>
                                    <span>与LDAP/AD集成</span>
                                </li>
                            </ul>
                        </div>
                    </div>
                    <div class="bg-white rounded-xl shadow-md overflow-hidden">
                        <div class="bg-gray-100 px-6 py-4 border-b">
                            <h4 class="font-medium text-gray-800 flex items-center">
                                <i class="fas fa-download text-blue-500 mr-2"></i>安装步骤
                            </h4>
                        </div>
                        <div class="p-6">
                            <ol class="space-y-4">
                                <li class="flex items-start">
                                    <span class="bg-blue-100 text-blue-800 rounded-full w-6 h-6 flex items-center justify-center mr-3 flex-shrink-0">1</span>
                                    <span>打开 Jenkins 管理界面</span>
                                </li>
                                <li class="flex items-start">
                                    <span class="bg-blue-100 text-blue-800 rounded-full w-6 h-6 flex items-center justify-center mr-3 flex-shrink-0">2</span>
                                    <span>进入 <code class="bg-gray-100 px-2 py-1 rounded">Manage Jenkins > Manage Plugins</code></span>
                                </li>
                                <li class="flex items-start">
                                    <span class="bg-blue-100 text-blue-800 rounded-full w-6 h-6 flex items-center justify-center mr-3 flex-shrink-0">3</span>
                                    <span>在 <code class="bg-gray-100 px-2 py-1 rounded">Available</code> 选项卡中搜索 <code class="bg-gray-100 px-2 py-1 rounded">Role Strategy</code> 并安装</span>
                                </li>
                            </ol>
                        </div>
                    </div>
                </div>
            </article>

            <!-- 2.2 -->
            <article class="mb-12">
                <h3 class="text-2xl font-semibold text-gray-800 mb-6 flex items-center">
                    <span class="bg-blue-600 text-white rounded-full w-8 h-8 flex items-center justify-center mr-3">2</span>
                    配置全局角色
                </h3>
                <div class="bg-white rounded-xl shadow-md overflow-hidden mb-8">
                    <div class="bg-gray-100 px-6 py-4 border-b">
                        <h4 class="font-medium text-gray-800 flex items-center">
                            <i class="fas fa-globe text-blue-500 mr-2"></i>全局角色说明
                        </h4>
                    </div>
                    <div class="p-6">
                        <p class="text-gray-700 mb-4">全局角色适用于整个 Jenkins 实例，可以定义用户的全局权限。</p>
                        <div class="overflow-x-auto">
                            <table class="min-w-full divide-y divide-gray-200">
                                <thead class="bg-gray-50">
                                    <tr>
                                        <th class="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">角色</th>
                                        <th class="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">权限描述</th>
                                        <th class="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">适用对象</th>
                                    </tr>
                                </thead>
                                <tbody class="bg-white divide-y divide-gray-200">
                                    <tr>
                                        <td class="px-6 py-4 whitespace-nowrap font-medium text-gray-900">admin</td>
                                        <td class="px-6 py-4 whitespace-nowrap text-gray-600">拥有所有权限</td>
                                        <td class="px-6 py-4 whitespace-nowrap text-gray-600">系统管理员</td>
                                    </tr>
                                    <tr class="bg-gray-50">
                                        <td class="px-6 py-4 whitespace-nowrap font-medium text-gray-900">developer</td>
                                        <td class="px-6 py-4 whitespace-nowrap text-gray-600">可以创建和运行任务，但不能修改系统配置</td>
                                        <td class="px-6 py-4 whitespace-nowrap text-gray-600">开发团队</td>
                                    </tr>
                                    <tr>
                                        <td class="px-6 py-4 whitespace-nowrap font-medium text-gray-900">viewer</td>
                                        <td class="px-6 py-4 whitespace-nowrap text-gray-600">只能查看任务和构建结果</td>
                                        <td class="px-6 py-4 whitespace-nowrap text-gray-600">测试/产品团队</td>
                                    </tr>
                                </tbody>
                            </table>
                        </div>
                        <div class="mt-6 bg-blue-50 border border-blue-200 rounded-lg p-4">
                            <h5 class="font-medium text-blue-800 mb-2 flex items-center">
                                <i class="fas fa-cog mr-2"></i>配置步骤
                            </h5>
                            <ol class="list-decimal list-inside space-y-2 text-gray-700">
                                <li>进入 <code class="bg-blue-100 px-2 py-1 rounded">Manage Jenkins > Manage and Assign Roles > Manage Roles</code></li>
                                <li>在 <code class="bg-blue-100 px-2 py-1 rounded">Global roles</code> 部分，添加角色并分配权限</li>
                                <li>保存配置</li>
                            </ol>
                        </div>
                    </div>
                </div>
            </article>

            <!-- 2.3 -->
            <article class="mb-12">
                <h3 class="text-2xl font-semibold text-gray-800 mb-6 flex items-center">
                    <span class="bg-blue-600 text-white rounded-full w-8 h-8 flex items-center justify-center mr-3">3</span>
                    配置项目角色
                </h3>
                <div class="bg-white rounded-xl shadow-md overflow-hidden mb-8">
                    <div class="bg-gray-100 px-6 py-4 border-b">
                        <h4 class="font-medium text-gray-800 flex items-center">
                            <i class="fas fa-project-diagram text-blue-500 mr-2"></i>项目角色说明
                        </h4>
                    </div>
                    <div class="p-6">
                        <p class="text-gray-700 mb-4">项目角色适用于特定的 Jenkins 任务或项目，可以实现更细粒度的权限控制。</p>
                        <div class="grid grid-cols-1 md:grid-cols-2 gap-6 mt-6">
                            <div class="border border-gray-200 rounded-lg p-5">
                                <div class="flex items-center mb-3">
                                    <div class="bg-blue-100 p-2 rounded-full mr-3">
                                        <i class="fas fa-user-shield text-blue-600"></i>
                                    </div>
                                    <h5 class="font-medium">ts-admin</h5>
                                </div>
                                <p class="text-sm text-gray-600">可以管理 <code class="bg-gray-100 px-1 py-0.5 rounded">ts-*</code> 项目的所有任务</p>
                                <ul class="mt-3 space-y-1 text-sm text-gray-600">
                                    <li class="flex items-center">
                                        <i class="fas fa-check text-green-500 mr-2 text-xs"></i>
                                        <span>创建/删除任务</span>
                                    </li>
                                    <li class="flex items-center">
                                        <i class="fas fa-check text-green-500 mr-2 text-xs"></i>
                                        <span>修改配置</span>
                                    </li>
                                    <li class="flex items-center">
                                        <i class="fas fa-check text-green-500 mr-2 text-xs"></i>
                                        <span>查看构建日志</span>
                                    </li>
                                </ul>
                            </div>
                            <div class="border border-gray-200 rounded-lg p-5">
                                <div class="flex items-center mb-3">
                                    <div class="bg-green-100 p-2 rounded-full mr-3">
                                        <i class="fas fa-code text-green-600"></i>
                                    </div>
                                    <h5 class="font-medium">ts-developer</h5>
                                </div>
                                <p class="text-sm text-gray-600">可以运行 <code class="bg-gray-100 px-1 py-0.5 rounded">ts-*</code> 项目的任务，但不能修改配置</p>
                                <ul class="mt-3 space-y-1 text-sm text-gray-600">
                                    <li class="flex items-center">
                                        <i class="fas fa-check text-green-500 mr-2 text-xs"></i>
                                        <span>触发构建</span>
                                    </li>
                                    <li class="flex items-center">
                                        <i class="fas fa-check text-green-500 mr-2 text-xs"></i>
                                        <span>查看构建状态</span>
                                    </li>
                                    <li class="flex items-center">
                                        <i class="fas fa-times text-red-500 mr-2 text-xs"></i>
                                        <span>修改配置</span>
                                    </li>
                                </ul>
                            </div>
                        </div>
                        <div class="mt-6 bg-blue-50 border border-blue-200 rounded-lg p-4">
                            <h5 class="font-medium text-blue-800 mb-2 flex items-center">
                                <i class="fas fa-cog mr-2"></i>配置步骤
                            </h5>
                            <ol class="list-decimal list-inside space-y-2 text-gray-700">
                                <li>进入 <code class="bg-blue-100 px-2 py-1 rounded">Manage Jenkins > Manage and Assign Roles > Manage Roles</code></li>
                                <li>在 <code class="bg-blue-100 px-2 py-1 rounded">Project roles</code> 部分，添加角色并分配权限</li>
                                <li>设置项目名称模式 (如 <code class="bg-blue-100 px-2 py-1 rounded">ts-*</code>)</li>
                                <li>保存配置</li>
                            </ol>
                        </div>
                    </div>
                </div>
            </article>

            <!-- 2.4 -->
            <article class="mb-12">
                <h3 class="text-2xl font-semibold text-gray-800 mb-6 flex items-center">
                    <span class="bg-blue-600 text-white rounded-full w-8 h-8 flex items-center justify-center mr-3">4</span>
                    分配角色给用户
                </h3>
                <div class="bg-white rounded-xl shadow-md overflow-hidden">
                    <div class="bg-gray-100 px-6 py-4 border-b">
                        <h4 class="font-medium text-gray-800 flex items-center">
                            <i class="fas fa-user-tag text-blue-500 mr-2"></i>用户角色分配
                        </h4>
                    </div>
                    <div class="p-6">
                        <p class="text-gray-700 mb-4">将定义好的角色分配给具体的用户或用户组。</p>
                        <div class="mermaid">
                            graph LR
                            subgraph 用户组
                            A[开发团队] -->|分配| B[developer]
                            A -->|分配| C[ts-developer]
                            B --> D[创建/运行任务]
                            C --> E[运行ts-*任务]
                            end
                            subgraph 管理员
                            F[系统管理员] -->|分配| G[admin]
                            G --> H[所有权限]
                            end
                        </div>
                        <div class="mt-6 bg-blue-50 border border-blue-200 rounded-lg p-4">
                            <h5 class="font-medium text-blue-800 mb-2 flex items-center">
                                <i class="fas fa-cog mr-2"></i>配置步骤
                            </h5>
                            <ol class="list-decimal list-inside space-y-2 text-gray-700">
                                <li>进入 <code class="bg-blue-100 px-2 py-1 rounded">Manage Jenkins > Manage and Assign Roles > Assign Roles</code></li>
                                <li>在 <code class="bg-blue-100 px-2 py-1 rounded">Global roles</code> 和 <code class="bg-blue-100 px-2 py-1 rounded">Project roles</code> 部分，为用户分配相应的角色</li>
                                <li>保存配置</li>
                            </ol>
                        </div>
                    </div>
                </div>
            </article>
        </section>

        <hr class="section-divider my-12">

        <!-- Security Hardening Section -->
        <section class="mb-16">
            <div class="flex items-center mb-8">
                <div class="w-12 h-1 bg-blue-600 mr-4"></div>
                <h2 class="text-3xl font-bold text-gray-800">3. Jenkins 安全加固</h2>
            </div>

            <!-- 3.1 -->
            <article class="mb-12">
                <h3 class="text-2xl font-semibold text-gray-800 mb-6 flex items-center">
                    <span class="bg-red-600 text-white rounded-full w-8 h-8 flex items-center justify-center mr-3">1</span>
                    启用安全配置
                </h3>
                <div class="grid grid-cols-1 md:grid-cols-2 gap-8">
                    <div class="bg-white rounded-xl shadow-md overflow-hidden">
                        <div class="bg-gray-100 px-6 py-4 border-b">
                            <h4 class="font-medium text-gray-800 flex items-center">
                                <i class="fas fa-shield-alt text-red-500 mr-2"></i>安全配置概览
                            </h4>
                        </div>
                        <div class="p-6">
                            <p class="text-gray-700 mb-4">Jenkins 默认的安全配置较为宽松，建议启用以下安全设置：</p>
                            <div class="space-y-4">
                                <div class="flex items-start">
                                    <div class="bg-red-100 p-2 rounded-full mr-3 mt-1">
                                        <i class="fas fa-check text-red-500 text-sm"></i>
                                    </div>
                                    <div>
                                        <h5 class="font-medium">启用安全</h5>
                                        <p class="text-sm text-gray-600">强制要求用户认证</p>
                                    </div>
                                </div>
                                <div class="flex items-start">
                                    <div class="bg-red-100 p-2 rounded-full mr-3 mt-1">
                                        <i class="fas fa-check text-red-500 text-sm"></i>
                                    </div>
                                    <div>
                                        <h5 class="font-medium">安全域配置</h5>
                                        <p class="text-sm text-gray-600">使用Jenkins内部用户数据库或LDAP/AD</p>
                                    </div>
                                </div>
                                <div class="flex items-start">
                                    <div class="bg-red-100 p-2 rounded-full mr-3 mt-1">
                                        <i class="fas fa-check text-red-500 text-sm"></i>
                                    </div>
                                    <div>
                                        <h5 class="font-medium">授权策略</h5>
                                        <p class="text-sm text-gray-600">选择基于角色的授权策略</p>
                                    </div>
                                </div>
                            </div>
                        </div>
                    </div>
                    <div class="bg-white rounded-xl shadow-md overflow-hidden">
                        <div class="bg-gray-100 px-6 py-4 border-b">
                            <h4 class="font-medium text-gray-800 flex items-center">
                                <i class="fas fa-cogs text-red-500 mr-2"></i>配置步骤
                            </h4>
                        </div>
                        <div class="p-6">
                            <ol class="space-y-4">
                                <li class="flex items-start">
                                    <span class="bg-red-100 text-red-800 rounded-full w-6 h-6 flex items-center justify-center mr-3 flex-shrink-0">1</span>
                                    <span>进入 <code class="bg-gray-100 px-2 py-1 rounded">Manage Jenkins > Configure Global Security</code></span>
                                </li>
                                <li class="flex items-start">
                                    <span class="bg-red-100 text-red-800 rounded-full w-6 h-6 flex items-center justify-center mr-3 flex-shrink-0">2</span>
                                    <span>启用 <code class="bg-gray-100 px-2 py-1 rounded">Enable security</code></span>
                                </li>
                                <li class="flex items-start">
                                    <span class="bg-red-100 text-red-800 rounded-full w-6 h-6 flex items-center justify-center mr-3 flex-shrink-0">3</span>
                                    <span>选择 <code class="bg-gray-100 px-2 py-1 rounded">Security Realm</code>，如 <code class="bg-gray-100 px-2 py-1 rounded">Jenkins' own user database</code> 或 <code class="bg-gray-100 px-2 py-1 rounded">LDAP</code></span>
                                </li>
                                <li class="flex items-start">
                                    <span class="bg-red-100 text-red-800 rounded-full w-6 h-6 flex items-center justify-center mr-3 flex-shrink-0">4</span>
                                    <span>选择 <code class="bg-gray-100 px-2 py-1 rounded">Authorization</code>，如 <code class="bg-gray-100 px-2 py-1 rounded">Role-Based Strategy</code></span>
                                </li>
                                <li class="flex items-start">
                                    <span class="bg-red-100 text-red-800 rounded-full w-6 h-6 flex items-center justify-center mr-3 flex-shrink-0">5</span>
                                    <span>保存配置</span>
                                </li>
                            </ol>
                        </div>
                    </div>
                </div>
            </article>

            <!-- 3.2 -->
            <article class="mb-12">
                <h3 class="text-2xl font-semibold text-gray-800 mb-6 flex items-center">
                    <span class="bg-red-600 text-white rounded-full w-8 h-8 flex items-center justify-center mr-3">2</span>
                    使用 HTTPS
                </h3>
                <div class="bg-white rounded-xl shadow-md overflow-hidden">
                    <div class="bg-gray-100 px-6 py-4 border-b">
                        <h4 class="font-medium text-gray-800 flex items-center">
                            <i class="fas fa-lock text-red-500 mr-2"></i>HTTPS 加密通信
                        </h4>
                    </div>
                    <div class="p-6">
                        <p class="text-gray-700 mb-4">通过 HTTPS 加密 Jenkins 的通信，防止数据在传输过程中被窃取。</p>
                        <div class="grid grid-cols-1 md:grid-cols-2 gap-6">
                            <div class="border border-gray-200 rounded-lg p-5">
                                <div class="flex items-center mb-3">
                                    <div class="bg-blue-100 p-2 rounded-full mr-3">
                                        <i class="fas fa-certificate text-blue-600"></i>
                                    </div>
                                    <h5 class="font-medium">获取SSL证书</h5>
                                </div>
                                <ul class="mt-3 space-y-2 text-sm text-gray-600">
                                    <li class="flex items-start">
                                        <i class="fas fa-check text-green-500 mr-2 text-xs mt-0.5"></i>
                                        <span>使用Let's Encrypt获取免费证书</span>
                                    </li>
                                    <li class="flex items-start">
                                        <i class="fas fa-check text-green-500 mr-2 text-xs mt-0.5"></i>
                                        <span>或从CA机构购买商业证书</span>
                                    </li>
                                    <li class="flex items-start">
                                        <i class="fas fa-check text-green-500 mr-2 text-xs mt-0.5"></i>
                                        <span>也可使用自签名证书(仅测试环境)</span>
                                    </li>
                                </ul>
                            </div>
                            <div class="border border-gray-200 rounded-lg p-5">
                                <div class="flex items-center mb-3">
                                    <div class="bg-green-100 p-2 rounded-full mr-3">
                                        <i class="fas fa-server text-green-600"></i>
                                    </div>
                                    <h5 class="font-medium">配置Jenkins使用HTTPS</h5>
                                </div>
                                <div class="mt-3">
                                    <pre class="bg-gray-800 text-green-400 p-4 rounded-lg text-xs overflow-x-auto"><code>java -jar jenkins.war --httpPort=-1 \
--httpsPort=443 \
--httpsKeyStore=/path/to/keystore \
--httpsKeyStorePassword=password</code></pre>
                                </div>
                            </div>
                        </div>
                    </div>
                </div>
            </article>

            <!-- 3.3 -->
            <article class="mb-12">
                <h3 class="text-2xl font-semibold text-gray-800 mb-6 flex items-center">
                    <span class="bg-red-600 text-white rounded-full w-8 h-8 flex items-center justify-center mr-3">3</span>
                    限制脚本执行
                </h3>
                <div class="bg-white rounded-xl shadow-md overflow-hidden">
                    <div class="bg-gray-100 px-6 py-4 border-b">
                        <h4 class="font-medium text-gray-800 flex items-center">
                            <i class="fas fa-code text-red-500 mr-2"></i>脚本执行风险控制
                        </h4>
                    </div>
                    <div class="p-6">
                        <p class="text-gray-700 mb-4">Jenkins 允许通过 Groovy 脚本执行系统命令，这可能导致安全风险。建议限制脚本执行权限。</p>
                        <div class="bg-red-50 border border-red-200 rounded-lg p-4 mb-6">
                            <div class="flex items-start">
                                <div class="text-red-500 mr-3">
                                    <i class="fas fa-exclamation-triangle"></i>
                                </div>
                                <div>
                                    <h5 class="font-medium text-red-800">风险警示</h5>
                                    <p class="text-sm text-gray-700">恶意脚本可能执行危险系统命令，如删除文件、窃取数据或安装恶意软件。</p>
                                </div>
                            </div>
                        </div>
                        <div class="bg-blue-50 border border-blue-200 rounded-lg p-4">
                            <h5 class="font-medium text-blue-800 mb-2 flex items-center">
                                <i class="fas fa-cog mr-2"></i>配置步骤
                            </h5>
                            <ol class="list-decimal list-inside space-y-2 text-gray-700">
                                <li>进入 <code class="bg-blue-100 px-2 py-1 rounded">Manage Jenkins > In-process Script Approval</code></li>
                                <li>禁用 <code class="bg-blue-100 px-2 py-1 rounded">Enable script security for Groovy scripts</code></li>
                                <li>仅允许受信任的用户执行脚本</li>
                                <li>定期审查脚本执行日志</li>
                            </ol>
                        </div>
                    </div>
                </div>
            </article>

            <!-- 3.4 -->
            <article class="mb-12">
                <h3 class="text-2xl font-semibold text-gray-800 mb-6 flex items-center">
                    <span class="bg-red-600 text-white rounded-full w-8 h-8 flex items-center justify-center mr-3">4</span>
                    定期更新 Jenkins 和插件
                </h3>
                <div class="bg-white rounded-xl shadow-md overflow-hidden">
                    <div class="bg-gray-100 px-6 py-4 border-b">
                        <h4 class="font-medium text-gray-800 flex items-center">
                            <i class="fas fa-sync-alt text-red-500 mr-2"></i>更新维护策略
                        </h4>
                    </div>
                    <div class="p-6">
                        <p class="text-gray-700 mb-4">Jenkins 和插件的更新通常包含安全修复，建议定期更新。</p>
                        <div class="grid grid-cols-1 md:grid-cols-2 gap-6">
                            <div class="border border-gray-200 rounded-lg p-5">
                                <div class="flex items-center mb-3">
                                    <div class="bg-purple-100 p-2 rounded-full mr-3">
                                        <i class="fas fa-puzzle-piece text-purple-600"></i>
                                    </div>
                                    <h5 class="font-medium">插件更新</h5>
                                </div>
                                <ol class="mt-3 space-y-2 text-sm text-gray-600">
                                    <li class="flex items-start">
                                        <span class="bg-purple-100 text-purple-800 rounded-full w-5 h-5 flex items-center justify-center mr-2 text-xs flex-shrink-0">1</span>
                                        <span>进入 <code class="bg-gray-100 px-1 py-0.5 rounded">Manage Jenkins > Manage Plugins</code></span>
                                    </li>
                                    <li class="flex items-start">
                                        <span class="bg-purple-100 text-purple-800 rounded-full w-5 h-5 flex items-center justify-center mr-2 text-xs flex-shrink-0">2</span>
                                        <span>在 <code class="bg-gray-100 px-1 py-0.5 rounded">Updates</code> 选项卡中，更新所有可用的插件</span>
                                    </li>
                                    <li class="flex items-start">
                                        <span class="bg-purple-100 text-purple-800 rounded-full w-5 h-5 flex items-center justify-center mr-2 text-xs flex-shrink-0">3</span>
                                        <span>重启Jenkins使更新生效</span>
                                    </li>
                                </ol>
                            </div>
                            <div class="border border-gray-200 rounded-lg p-5">
                                <div class="flex items-center mb-3">
                                    <div class="bg-orange-100 p-2 rounded-full mr-3">
                                        <i class="fas fa-heartbeat text-orange-600"></i>
                                    </div>
                                    <h5 class="font-medium">Jenkins版本更新</h5>
                                </div>
                                <ol class="mt-3 space-y-2 text-sm text-gray-600">
                                    <li class="flex items-start">
                                        <span class="bg-orange-100 text-orange-800 rounded-full w-5 h-5 flex items-center justify-center mr-2 text-xs flex-shrink-0">1</span>
                                        <span>定期检查 <a href="https://www.jenkins.io/download/" class="text-blue-600 hover:underline">Jenkins官网</a> 获取最新版本</span>
                                    </li>
                                    <li class="flex items-start">
                                        <span class="bg-orange-100 text-orange-800 rounded-full w-5 h-5 flex items-center justify-center mr-2 text-xs flex-shrink-0">2</span>
                                        <span>备份现有配置和数据</span>
                                    </li>
                                    <li class="flex items-start">
                                        <span class="bg-orange-100 text-orange-800 rounded-full w-5 h-5 flex items-center justify-center mr-2 text-xs flex-shrink-0">3</span>
                                        <span>按照官方指南进行升级</span>
                                    </li>
                                </ol>
                            </div>
                        </div>
                    </div>
                </div>
            </article>

            <!-- 3.5 -->
            <article class="mb-12">
                <h3 class="text-2xl font-semibold text-gray-800 mb-6 flex items-center">
                    <span class="bg-red-600 text-white rounded-full w-8 h-8 flex items-center justify-center mr-3">5</span>
                    启用审计日志
                </h3>
                <div class="bg-white rounded-xl shadow-md overflow-hidden">
                    <div class="bg-gray-100 px-6 py-4 border-b">
                        <h4 class="font-medium text-gray-800 flex items-center">
                            <i class="fas fa-clipboard-list text-red-500 mr-2"></i>审计日志配置
                        </h4>
                    </div>
                    <div class="p-6">
                        <p class="text-gray-700 mb-4">通过审计日志记录用户的操作，便于追踪和排查安全问题。</p>
                        <div class="grid grid-cols-1 md:grid-cols-2 gap-8">
                            <div>
                                <h5 class="font-medium text-gray-800 mb-3 flex items-center">
                                    <i class="fas fa-list-ul text-red-500 mr-2"></i>日志类型
                                </h5>
                                <ul class="space-y-3">
                                    <li class="flex items-start">
                                        <div class="bg-red-100 p-1 rounded-full mr-3">
                                            <i class="fas fa-check text-red-500 text-xs"></i>
                                        </div>
                                        <div>
                                            <span class="font-medium">安全日志</span>
                                            <p class="text-sm text-gray-600">记录认证和授权相关事件</p>
                                        </div>
                                    </li>
                                    <li class="flex items-start">
                                        <div class="bg-red-100 p-1 rounded-full mr-3">
                                            <i class="fas fa-check text-red-500 text-xs"></i>
                                        </div>
                                        <div>
                                            <span class="font-medium">访问日志</span>
                                            <p class="text-sm text-gray-600">记录用户访问和操作</p>
                                        </div>
                                    </li>
                                    <li class="flex items-start">
                                        <div class="bg-red-100 p-1 rounded-full mr-3">
                                            <i class="fas fa-check text-red-500 text-xs"></i>
                                        </div>
                                        <div>
                                            <span class="font-medium">系统日志</span>
                                            <p class="text-sm text-gray-600">记录系统配置变更</p>
                                        </div>
                                    </li>
                                </ul>
                            </div>
                            <div>
                                <h5 class="font-medium text-gray-800 mb-3 flex items-center">
                                    <i class="fas fa-cogs text-red-500 mr-2"></i>配置步骤
                                </h5>
                                <ol class="space-y-2 text-sm text-gray-700">
                                    <li class="flex items-start">
                                        <span class="bg-red-100 text-red-800 rounded-full w-5 h-5 flex items-center justify-center mr-2 text-xs flex-shrink-0">1</span>
                                        <span>进入 <code class="bg-gray-100 px-1 py-0.5 rounded">Manage Jenkins > System Log > Add new log recorder</code></span>
                                    </li>
                                    <li class="flex items-start">
                                        <span class="bg-red-100 text-red-800 rounded-full w-5 h-5 flex items-center justify-center mr-2 text-xs flex-shrink-0">2</span>
                                        <span>创建一个新的日志记录器，如 <code class="bg-gray-100 px-1 py-0.5 rounded">Audit Log</code></span>
                                    </li>
                                    <li class="flex items-start">
                                        <span class="bg-red-100 text-red-800 rounded-full w-5 h-5 flex items-center justify-center mr-2 text-xs flex-shrink-0">3</span>
                                        <span>添加 <code class="bg-gray-100 px-1 py-0.5 rounded">Security</code> 和 <code class="bg-gray-100 px-1 py-0.5 rounded">Access</code> 日志记录器</span>
                                    </li>
                                    <li class="flex items-start">
                                        <span class="bg-red-100 text-red-800 rounded-full w-5 h-5 flex items-center justify-center mr-2 text-xs flex-shrink-0">4</span>
                                        <span>定期检查审计日志</span>
                                    </li>
                                </ol>
                            </div>
                        </div>
                    </div>
                </div>
            </article>
        </section>

        <hr class="section-divider my-12">

        <!-- Case Studies -->
        <section class="mb-16">
            <div class="flex items-center mb-8">
                <div class="w-12 h-1 bg-blue-600 mr-4"></div>
                <h2 class="text-3xl font-bold text-gray-800">4. 实际项目中的应用</h2>
            </div>

            <div class="grid grid-cols-1 md:grid-cols-3 gap-8">
                <!-- Case 1 -->
                <div class="card bg-white rounded-xl shadow-md overflow-hidden transition duration-300">
                    <div class="bg-blue-600 px-6 py-4">
                        <h3 class="text-xl font-semibold text-white">ts-web 项目</h3>
                    </div>
                    <div class="p-6">
                        <div class="flex items-center mb-4">
                            <div class="bg-blue-100 p-2 rounded-full mr-3">
                                <i class="fas fa-users-cog text-blue-600"></i>
                            </div>
                            <h4 class="font-medium">权限配置</h4>
                        </div>
                        <ul class="space-y-3 text-gray-700">
                            <li class="flex items-start">
                                <i class="fas fa-check text-green-500 mt-1 mr-2"></i>
                                <span><strong>ts-admin</strong>: 可以管理所有 <code class="bg-gray-100 px-1 py-0.5 rounded">ts-web</code> 任务</span>
                            </li>
                            <li class="flex items-start">
                                <i class="fas fa-check text-green-500 mt-1 mr-2"></i>
                                <span><strong>ts-developer</strong>: 可以运行 <code class="bg-gray-100 px-1 py-0.5 rounded">ts-web</code> 任务，但不能修改配置</span>
                            </li>
                            <li class="flex items-start">
                                <i class="fas fa-check text-green-500 mt-1 mr-2"></i>
                                <span><strong>ts-viewer</strong>: 只能查看 <code class="bg-gray-100 px-1 py-0.5 rounded">ts-web</code> 任务的构建结果</span>
                            </li>
                        </ul>
                    </div>
                </div>

                <!-- Case 2 -->
                <div class="card bg-white rounded-xl shadow-md overflow-hidden transition duration-300">
                    <div class="bg-green-600 px-6 py-4">
                        <h3 class="text-xl font-semibold text-white">ts-api 项目</h3>
                    </div>
                    <div class="p-6">
                        <div class="flex items-center mb-4">
                            <div class="bg-green-100 p-2 rounded-full mr-3">
                                <i class="fas fa-lock text-green-600"></i>
                            </div>
                            <h4 class="font-medium">HTTPS 配置</h4>
                        </div>
                        <p class="text-gray-700 mb-4">在 <code class="bg-gray-100 px-1 py-0.5 rounded">ts-api</code> 项目中，团队配置了 HTTPS，确保 Jenkins 的通信安全。</p>
                        <div class="bg-green-50 border border-green-200 rounded-lg p-3">
                            <div class="flex items-center">
                                <i class="fas fa-certificate text-green-500 mr-2"></i>
                                <span class="text-sm font-medium">使用 Let's Encrypt 的免费 SSL 证书</span>
                            </div>
                            <p class="text-xs text-gray-600 mt-1">零成本的 HTTPS 配置方案</p>
                        </div>
                    </div>
                </div>

                <!-- Case 3 -->
                <div class="card bg-white rounded-xl shadow-md overflow-hidden transition duration-300">
                    <div class="bg-purple-600 px-6 py-4">
                        <h3 class="text-xl font-semibold text-white">ts-mobile 项目</h3>
                    </div>
                    <div class="p-6">
                        <div class="flex items-center mb-4">
                            <div class="bg-purple-100 p-2 rounded-full mr-3">
                                <i class="fas fa-code text-purple-600"></i>
                            </div>
                            <h4 class="font-medium">脚本执行限制</h4>
                        </div>
                        <p class="text-gray-700 mb-4">在 <code class="bg-gray-100 px-1 py-0.5 rounded">ts-mobile</code> 项目中，团队限制了脚本执行权限。</p>
                        <ul class="space-y-2 text-gray-700">
                            <li class="flex items-start">
                                <i class="fas fa-check-circle text-green-500 mt-1 mr-2 text-sm"></i>
                                <span class="text-sm">仅允许管理员执行 Groovy 脚本</span>
                            </li>
                            <li class="flex items-start">
                                <i class="fas fa-check-circle text-green-500 mt-1 mr-2 text-sm"></i>
                                <span class="text-sm">定期审查脚本执行日志</span>
                            </li>
                            <li class="flex items-start">
                                <i class="fas fa-check-circle text-green-500 mt-1 mr-2 text-sm"></i>
                                <span class="text-sm">确保了 Jenkins 的安全性</span>
                            </li>
                        </ul>
                    </div>
                </div>
            </div>
        </section>

        <hr class="section-divider my-12">

        <!-- Best Practices -->
        <section class="mb-16">
            <div class="flex items-center mb-8">
                <div class="w-12 h-1 bg-blue-600 mr-4"></div>
                <h2 class="text-3xl font-bold text-gray-800">5. 最佳实践</h2>
            </div>

            <div class="grid grid-cols-1 md:grid-cols-2 gap-8">
                <!-- Practice 1 -->
                <div class="bg-white rounded-xl shadow-md overflow-hidden">
                    <div class="bg-gradient-to-r from-blue-600 to-blue-800 px-6 py-4">
                        <h3 class="text-xl font-semibold text-white flex items-center">
                            <i class="fas fa-user-lock mr-3"></i>最小权限原则
                        </h3>
                    </div>
                    <div class="p-6">
                        <p class="text-gray-700 mb-4">遵循最小权限原则，只授予用户完成任务所需的最小权限，避免过度授权。</p>
                        <div class="flex items-center text-sm text-blue-600">
                            <i class="fas fa-lightbulb mr-2"></i>
                            <span>实践建议: 从零开始授予权限，按需增加</span>
                        </div>
                    </div>
                </div>

                <!-- Practice 2 -->
                <div class="bg-white rounded-xl shadow-md overflow-hidden">
                    <div class="bg-gradient-to-r from-green-600 to-green-800 px-6 py-4">
                        <h3 class="text-xl font-semibold text-white flex items-center">
                            <i class="fas fa-calendar-check mr-3"></i>定期审查权限
                        </h3>
                    </div>
                    <div class="p-6">
                        <p class="text-gray-700 mb-4">定期审查用户的权限配置，确保权限分配符合实际需求。</p>
                        <div class="flex items-center text-sm text-green-600">
                            <i class="fas fa-lightbulb mr-2"></i>
                            <span>实践建议: 每季度审计一次权限配置</span>
                        </div>
                    </div>
                </div>

                <!-- Practice 3 -->
                <div class="bg-white rounded-xl shadow-md overflow-hidden">
                    <div class="bg-gradient-to-r from-red-600 to-red-800 px-6 py-4">
                        <h3 class="text-xl font-semibold text-white flex items-center">
                            <i class="fas fa-key mr-3"></i>使用强密码
                        </h3>
                    </div>
                    <div class="p-6">
                        <p class="text-gray-700 mb-4">为 Jenkins 用户设置强密码，并启用密码策略，如密码长度、复杂性和有效期。</p>
                        <div class="grid grid-cols-2 gap-4 text-sm">
                            <div class="flex items-center text-red-600">
                                <i class="fas fa-check mr-2"></i>
                                <span>最少12位字符</span>
                            </div>
                            <div class="flex items-center text-red-600">
                                <i class="fas fa-check mr-2"></i>
                                <span>包含大小写字母</span>
                            </div>
                            <div class="flex items-center text-red-600">
                                <i class="fas fa-check mr-2"></i>
                                <span>包含数字和符号</span>
                            </div>
                            <div class="flex items-center text-red-600">
                                <i class="fas fa-check mr-2"></i>
                                <span>90天有效期</span>
                            </div>
                        </div>
                    </div>
                </div>

                <!-- Practice 4 -->
                <div class="bg-white rounded-xl shadow-md overflow-hidden">
                    <div class="bg-gradient-to-r from-purple-600 to-purple-800 px-6 py-4">
                        <h3 class="text-xl font-semibold text-white flex items-center">
                            <i class="fas fa-database mr-3"></i>备份配置
                        </h3>
                    </div>
                    <div class="p-6">
                        <p class="text-gray-700 mb-4">定期备份 Jenkins 的配置和数据，防止数据丢失或配置被篡改。</p>
                        <div class="space-y-3">
                            <div class="flex items-center text-sm text-purple-600">
                                <i class="fas fa-cloud mr-2"></i>
                                <span>每日增量备份</span>
                            </div>
                            <div class="flex items-center text-sm text-purple-600">
                                <i class="fas fa-server mr-2"></i>
                                <span>每周全量备份</span>
                            </div>
                            <div class="flex items-center text-sm text-purple-600">
                                <i class="fas fa-shield-alt mr-2"></i>
                                <span>备份文件加密存储</span>
                            </div>
                        </div>
                    </div>
                </div>
            </div>
        </section>

        <!-- Summary Visualization -->
        <section class="mb-16 bg-white rounded-xl shadow-md p-6">
            <div class="flex items-center mb-6">
                <div class="bg-blue-100 p-3 rounded-lg mr-4">
                    <i class="fas fa-sitemap text-blue-500 text-xl"></i>
                </div>
                <h2 class="text-2xl font-bold text-gray-800">Jenkins安全全景图</h2>
            </div>
            <div class="mermaid">
                graph TD
                A[Jenkins安全加固] --> B[权限管理]
                A --> C[通信安全]
                A --> D[操作审计]
                B --> E[Role Strategy插件]
                B --> F[最小权限原则]
                B --> G[定期审查]
                C --> H[HTTPS加密]
                C --> I[脚本执行限制]
                D --> J[启用审计日志]
                D --> K[定期检查]
                E --> L[全局角色]
                E --> M[项目角色]
                E --> N[用户分配]
                H --> O[Let's Encrypt]
                H --> P[自签名证书]
            </div>
        </section>
    </main>

    <!-- Footer -->
    <footer class="bg-gray-900 text-gray-300 py-8">
        <div class="container mx-auto px-4 max-w-5xl">
            <div class="flex flex-col md:flex-row justify-between items-center">
                <div class="mb-4 md:mb-0">
                    <h3 class="text-xl font-semibold text-white mb-2">技术小馆</h3>
                    <p class="text-sm">专业的DevOps技术分享平台</p>
                </div>
                <div>
                    <a href="http://www.yuque.com/jtostring" class="text-blue-400 hover:text-blue-300 transition duration-300 flex items-center">
                        <i class="fas fa-external-link-alt mr-2"></i>
                        <span>http://www.yuque.com/jtostring</span>
                    </a>
                </div>
            </div>
            <div class="border-t border-gray-800 mt-6 pt-6 text-sm text-center text-gray-500">
                &copy; 2023 技术小馆. 保留所有权利.
            </div>
        </div>
    </footer>

    <script>
        mermaid.initialize({
            startOnLoad: true,
            theme: 'default',
            flowchart: {
                useMaxWidth: true,
                htmlLabels: true,
                curve: 'basis'
            },
            securityLevel: 'loose'
        });

        // Add tooltip functionality for mermaid diagrams
        document.querySelectorAll('.mermaid').forEach(diagram => {
            diagram.addEventListener('mouseover', function(e) {
                if (e.target.tagName === 'text') {
                    const tooltip = document.createElement('div');
                    tooltip.className = 'mermaid-tooltip';
                    tooltip.textContent = e.target.textContent;
                    tooltip.style.left = `${e.pageX + 15}px`;
                    tooltip.style.top = `${e.pageY + 15}px`;
                    document.body.appendChild(tooltip);
                    tooltip.style.display = 'block';
                    
                    e.target.addEventListener('mouseout', function() {
                        tooltip.remove();
                    }, { once: true });
                }
            });
        });
    </script>
</body>
</html>